In today’s digital age, securing your online accounts is more important than ever. One of the most effective ways to protect your information is by creating strong passwords. Here are some essential tips to help you craft passwords that are both secure and easy to remember:
Password Creation
Avoid using common passwords like “123456” or “password.” These are easily guessable and provide little protection. Steer clear of using personal information such as names of family members, pets, anniversary or birth dates, or visible items in your work area. For example, if you have a coffee mug of your favorite sports team on your desk, avoid using related terms. This type of information can be researched on your social media accounts. Instead, make your password unique and unrelated to your personal life.
Password Length
While the PCI DSS requires passwords to be at least seven characters long, we recommend using passwords that are 10-12 characters for most applications. Longer passwords are generally more secure and harder to crack.
Password Structure
A strong password should include a mix of special characters, uppercase and lowercase letters, and numbers. Consider using a passphrase instead of a traditional password. For example, “I love my shoes” combined with a date, where the letters in “love” are all capitalized, and the S’s in “shoes” are dollar signs: iLOVEmy$hoe$2017. This approach creates a complex yet memorable password.
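The creation, length, and structure rules above can be enforced at registration time rather than left to the user. The following checker is an added example written for this article, not code from the page or from any vendor; the function name, the thresholds (the article's 10-character recommendation rather than the PCI DSS floor of 7), the tiny blocklist, and the `personal_terms` parameter are all assumptions for illustration.

```python
"""Registration-time password policy check (added example; assumptions noted inline)."""
import string

# Constructed sample blocklist. A real deployment loads a large list of
# breached or common passwords; these five are placeholders for the example.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}

MIN_LENGTH = 10  # article recommends 10-12 characters; PCI DSS minimum is 7


def check_password(password: str, personal_terms=()) -> list:
    """Return a list of policy violations; an empty list means the password passes.

    personal_terms: words tied to the user (pet names, team names, birth years)
    that should not appear in the password. This parameter is an assumption of
    the example; the article only says to avoid such information.
    """
    problems = []

    if len(password) < MIN_LENGTH:
        problems.append(f"too short: {len(password)} < {MIN_LENGTH} characters")

    if password.lower() in COMMON_PASSWORDS:
        problems.append("matches a common password")

    # The article asks for a mix of upper, lower, digits and special characters.
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))

    # Reject passwords built from guessable personal context (case-insensitive).
    lowered = password.lower()
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")

    return problems


if __name__ == "__main__":
    # The article's own passphrase example passes; a bare common word does not.
    print(check_password("iLOVEmy$hoe$2017"))
    print(check_password("password"))
    print(check_password("Rex2017!", personal_terms=["Rex"]))
```

Run the check server-side; a client-side check alone can be bypassed. The character-class rule is the article's, but length and the blocklist carry most of the weight, so do not relax `MIN_LENGTH` to compensate for a strict mix requirement.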
Change Passwords Regularly
The PCI DSS recommends changing passwords every 90 days or less. Regular updates reduce the time hackers have to break your password and narrow the window of opportunity for unauthorized access.
Don’t Use the Same Password for Multiple Systems
Using the same password across multiple systems, applications, or websites increases the risk of compromise. If one account is breached, it can lead to unauthorized access to other accounts. Ensure each password is unique to its respective system.
Limit Login Attempts
Limit the number of consecutive failed login attempts a user can make against a system. After a set number of unsuccessful attempts, lock the account and require administrative assistance to unlock it. The PCI DSS requires this limit to be no more than six failed attempts.
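One way to implement the lockout described here is a server-side failure counter that locks the account at the sixth consecutive failure and resets only on a successful login or an administrative unlock. The code below is an added example, not the page's own; the `AuthService` class, its method names and the in-memory account store are assumptions for illustration, and the sample user and password are constructed.

```python
"""Account lockout after repeated failed logins (added example; names are assumptions)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 6  # the PCI DSS ceiling cited in the article


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failed_attempts: int = 0
    locked: bool = False


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 so a stolen credential store cannot be reversed cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class AuthService:
    """Minimal in-memory authenticator; a real system persists this state."""

    def __init__(self):
        self.accounts = {}
        # Dummy salt used to hash passwords for unknown users, so a login
        # against a nonexistent account takes as long as a real one.
        self._dummy_salt = os.urandom(16)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _hash(password, salt))

    def login(self, user: str, password: str) -> str:
        """Return 'ok', 'locked' or 'denied'. Unknown users also get 'denied',
        so the response does not reveal which usernames exist."""
        acct = self.accounts.get(user)
        if acct is None:
            _hash(password, self._dummy_salt)
            return "denied"
        if acct.locked:
            return "locked"
        if hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
            acct.failed_attempts = 0  # success resets the counter
            return "ok"
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.locked = True  # stays locked until admin_unlock
            return "locked"
        return "denied"

    def admin_unlock(self, user: str) -> None:
        """Administrative reset, as the article requires for locked accounts."""
        acct = self.accounts[user]
        acct.locked = False
        acct.failed_attempts = 0


if __name__ == "__main__":
    svc = AuthService()
    svc.register("alice", "iLOVEmy$hoe$2017")  # constructed sample account
    for _ in range(6):
        print(svc.login("alice", "wrong-guess"))
    print(svc.login("alice", "iLOVEmy$hoe$2017"))  # still locked
    svc.admin_unlock("alice")
    print(svc.login("alice", "iLOVEmy$hoe$2017"))  # ok
```

Log every lockout event with the username and source address; a burst of lockouts across many accounts is a common signal of a credential-stuffing or password-spraying attempt and belongs in your detection pipeline.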
Beyond Passwords: Multi-Factor Authentication
While strong passwords are crucial, they are not the only defense against cyber threats. Multi-factor authentication (MFA) adds an extra layer of security by requiring a secondary method of authentication, such as a code sent to your phone or a fingerprint scan. This significantly reduces the risk of compromise, even if your password is stolen.
Real-World Example
Recently, Deloitte, one of the world’s largest auditing and consulting firms, experienced a cybersecurity attack that compromised confidential emails of some of its most important clients. The hacker accessed the organization’s global email server through an administrative account that required only a single password and lacked multi-factor authentication. This breach highlights the importance of using more than just a login ID and password to protect critical information.
Additional Guidance
Our Security Advisor team recommends using strong, unique passwords and enabling two-factor authentication wherever possible. Using a passphrase is an excellent way to create a password that is both complex and easy to remember without writing it down. Avoid reusing passwords, as minor changes (e.g., PassKid$2017 to PassKid$2018) are easily guessable. Ensure your new passwords are significantly different from previous ones.
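A password-change handler can reject the kind of minor edit mentioned above (PassKid$2017 to PassKid$2018) by comparing the new password to the old one at change time, when the user supplies both. The following is an added example, not the page's code; the function names, the edit-distance threshold and the digit-stripping rule are assumptions chosen for illustration.

```python
"""Reject new passwords that are trivial edits of the previous one (added example)."""
import re


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: number of single-character inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1,        # delete
                           cur[j - 1] + 1,     # insert
                           prev[j - 1] + cost))  # substitute
        prev = cur
    return prev[-1]


def _strip_digits(s: str) -> str:
    # Collapses "PassKid$2017" and "PassKid$2018" to the same stem.
    return re.sub(r"\d", "", s.lower())


def is_too_similar(new_password: str, old_password: str, max_distance: int = 3) -> bool:
    """True if the new password is the old one with only small or numeric changes.

    max_distance is an assumed threshold; tune it to your policy.
    """
    new_l, old_l = new_password.lower(), old_password.lower()
    if new_l == old_l:
        return True
    if levenshtein(new_l, old_l) <= max_distance:
        return True
    if _strip_digits(new_l) == _strip_digits(old_l):
        return True
    return False


def validate_change(old_password: str, new_password: str) -> str:
    """Return 'ok' or a reason the change is refused."""
    if is_too_similar(new_password, old_password):
        return "new password is too similar to the previous one"
    return "ok"


if __name__ == "__main__":
    print(validate_change("PassKid$2017", "PassKid$2018"))   # refused
    print(validate_change("PassKid$2017", "iLOVEmy$hoe$2017"))  # ok
```

This comparison needs the old password in plaintext, which is only available during the change request itself; stored history should hold only hashes, which suffice for an exact-reuse check but not for a similarity check.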
By following these tips, you can enhance the security of your online accounts and protect your sensitive information from cyber threats. Stay vigilant and prioritize cybersecurity in your digital practices.